From 25c618aa2ea3ce0539ee8a91acfd965cd23182b0 Mon Sep 17 00:00:00 2001 From: Sun-ZhenXing <1006925066@qq.com> Date: Fri, 2 Jan 2026 22:06:24 +0800 Subject: [PATCH] feat: add goose --- README.md | 18 ++- README.zh.md | 18 ++- builds/goose/.env.example | 64 ++++++++++ builds/goose/Dockerfile | 46 +++++++ builds/goose/README.md | 195 ++++++++++++++++++++++++++++++ builds/goose/README.zh.md | 195 ++++++++++++++++++++++++++++++ builds/goose/docker-compose.yaml | 54 +++++++++ src/frpc/.env.example | 31 ++++- src/frpc/README.md | 201 +++++++++++++++++++++++++++---- src/frpc/README.zh.md | 201 +++++++++++++++++++++++++++---- src/frpc/docker-compose.yaml | 19 ++- src/frpc/frpc.toml | 27 +++-- src/frps/.env.example | 36 ++++-- src/frps/README.md | 121 +++++++++++++++---- src/frps/README.zh.md | 121 +++++++++++++++---- src/frps/docker-compose.yaml | 23 ++-- src/frps/frps.toml | 21 ++-- 17 files changed, 1241 insertions(+), 150 deletions(-) create mode 100644 builds/goose/.env.example create mode 100644 builds/goose/Dockerfile create mode 100644 builds/goose/README.md create mode 100644 builds/goose/README.zh.md create mode 100644 builds/goose/docker-compose.yaml diff --git a/README.md b/README.md index 51ab185..7688568 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,18 @@ Compose Anything helps users quickly deploy various services by providing a set of high-quality Docker Compose configuration files. These configurations constrain resource usage, can be easily migrated to systems like K8S, and are easy to understand and modify. +## Build Services + +These services require building custom Docker images from source. + +| Service | Version | +| ------------------------------------------- | ------- | +| [Debian DinD](./builds/debian-dind) | 0.1.1 | +| [goose](./builds/goose) | 1.18.0 | +| [IOPaint](./builds/io-paint) | 1.6.0 | +| [K3s inside DinD](./builds/k3s-inside-dind) | 0.2.2 | +| [MinerU vLLM](./builds/mineru) | 2.7.0 | + ## Supported Services | Service | Version | 
@@ -30,8 +42,8 @@ Compose Anything helps users quickly deploy various services by providing a set | [Elasticsearch](./src/elasticsearch) | 8.16.1 | | [etcd](./src/etcd) | 3.6.0 | | [Firecrawl](./src/firecrawl) | latest | -| [frpc](./src/frpc) | 0.64.0 | -| [frps](./src/frps) | 0.64.0 | +| [frpc](./src/frpc) | 0.65.0 | +| [frps](./src/frps) | 0.65.0 | | [Gitea Runner](./src/gitea-runner) | 0.2.13 | | [Gitea](./src/gitea) | 1.24.6 | | [GitLab Runner](./src/gitlab-runner) | 17.10.1 | @@ -41,7 +53,6 @@ Compose Anything helps users quickly deploy various services by providing a set | [Halo](./src/halo) | 2.21.9 | | [Harbor](./src/harbor) | v2.12.0 | | [HashiCorp Consul](./src/consul) | 1.20.3 | -| [IOPaint](./builds/io-paint) | latest | | [Jenkins](./src/jenkins) | 2.486-lts | | [JODConverter](./src/jodconverter) | latest | | [Kestra](./src/kestra) | latest-full | @@ -58,7 +69,6 @@ Compose Anything helps users quickly deploy various services by providing a set | [Milvus Standalone Embed](./src/milvus-standalone-embed) | v2.6.7 | | [Milvus Standalone](./src/milvus-standalone) | v2.6.7 | | [Minecraft Bedrock Server](./src/minecraft-bedrock-server) | latest | -| [MinerU vLLM](./builds/mineru) | 2.7.0 | | [MinIO](./src/minio) | 0.20251015 | | [MLflow](./src/mlflow) | v2.20.2 | | [MongoDB ReplicaSet Single](./src/mongodb-replicaset-single) | 8.2.3 | diff --git a/README.zh.md b/README.zh.md index 5db29cd..ea7affe 100644 --- a/README.zh.md +++ b/README.zh.md @@ -2,6 +2,18 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件,帮助用户快速部署各种服务。这些配置约束了资源使用,可快速迁移到 K8S 等系统,并且易于理解和修改。 +## 构建服务 + +这些服务需要从源代码构建自定义 Docker 镜像。 + +| 服务 | 版本 | +| ------------------------------------------- | ------ | +| [Debian DinD](./builds/debian-dind) | 0.1.1 | +| [goose](./builds/goose) | 1.18.0 | +| [IOPaint](./builds/io-paint) | 1.6.0 | +| [K3s inside DinD](./builds/k3s-inside-dind) | 0.2.2 | +| [MinerU vLLM](./builds/mineru) | 2.7.0 | + ## 已经支持的服务 | 服务 | 版本 | 
@@ -30,8 +42,8 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件, | [Elasticsearch](./src/elasticsearch) | 8.16.1 | | [etcd](./src/etcd) | 3.6.0 | | [Firecrawl](./src/firecrawl) | latest | -| [frpc](./src/frpc) | 0.64.0 | -| [frps](./src/frps) | 0.64.0 | +| [frpc](./src/frpc) | 0.65.0 | +| [frps](./src/frps) | 0.65.0 | | [Gitea Runner](./src/gitea-runner) | 0.2.13 | | [Gitea](./src/gitea) | 1.24.6 | | [GitLab Runner](./src/gitlab-runner) | 17.10.1 | @@ -41,7 +53,6 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件, | [Halo](./src/halo) | 2.21.9 | | [Harbor](./src/harbor) | v2.12.0 | | [HashiCorp Consul](./src/consul) | 1.20.3 | -| [IOPaint](./builds/io-paint) | latest | | [Jenkins](./src/jenkins) | 2.486-lts | | [JODConverter](./src/jodconverter) | latest | | [Kestra](./src/kestra) | latest-full | @@ -58,7 +69,6 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件, | [Milvus Standalone Embed](./src/milvus-standalone-embed) | v2.6.7 | | [Milvus Standalone](./src/milvus-standalone) | v2.6.7 | | [Minecraft Bedrock Server](./src/minecraft-bedrock-server) | latest | -| [MinerU vLLM](./builds/mineru) | 2.7.0 | | [MinIO](./src/minio) | 0.20251015 | | [MLflow](./src/mlflow) | v2.20.2 | | [MongoDB ReplicaSet Single](./src/mongodb-replicaset-single) | 8.2.3 | diff --git a/builds/goose/.env.example b/builds/goose/.env.example new file mode 100644 index 0000000..2603469 --- /dev/null +++ b/builds/goose/.env.example 
@@ -0,0 +1,64 @@
+# goose Configuration
+# AI-powered developer agent by Block
+
+# Global registry prefix (optional)
+# Leave empty to pull from Docker Hub
+GLOBAL_REGISTRY=
+
+# goose version
+# Default: latest
+GOOSE_VERSION=1.18.0
+
+# Timezone
+# Default: UTC
+TZ=UTC
+
+# ============================================
+# API Configuration
+# ============================================
+
+# OpenAI API Configuration
+# Required if using OpenAI provider
+OPENAI_API_KEY=
+# Optional: Custom API base URL (e.g., for proxy or local deployment)
+OPENAI_API_BASE=
+
+# Anthropic API Configuration
+# Required if using Anthropic provider
+ANTHROPIC_API_KEY=
+
+# Google API Configuration
+# Required if using Google provider
+GOOGLE_API_KEY=
+
+# ============================================
+# goose Configuration
+# ============================================
+
+# AI Provider
+# Options: openai, anthropic, google
+# Default: openai
+GOOSE_PROVIDER=openai
+
+# AI Model
+# For OpenAI: gpt-4, gpt-4-turbo, gpt-3.5-turbo
+# For Anthropic: claude-3-opus, claude-3-sonnet, claude-3-haiku
+# For Google: gemini-pro
+# Default: gpt-4
+GOOSE_MODEL=gpt-4
+
+# ============================================
+# Resource Limits
+# ============================================
+
+# CPU limits
+GOOSE_CPU_LIMIT=2.00
+GOOSE_CPU_RESERVATION=0.50
+
+# Memory limits
+GOOSE_MEMORY_LIMIT=2G
+GOOSE_MEMORY_RESERVATION=512M
+
+# Logging limits
+GOOSE_LOG_MAX_SIZE=100m
+GOOSE_LOG_MAX_FILE=3
diff --git a/builds/goose/Dockerfile b/builds/goose/Dockerfile
new file mode 100644
index 0000000..6a5e521
--- /dev/null
+++ b/builds/goose/Dockerfile
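Review bot: The comment `# Default: latest` above `GOOSE_VERSION=1.18.0` in builds/goose/.env.example does not match the rest of the commit. builds/goose/docker-compose.yaml falls back to `1.18.0`, and the Dockerfile builds the download URL as `.../releases/download/v${GOOSE_VERSION}/...`, so a literal `latest` would request a `vlatest` release path, which presumably does not exist. I would change the comment to `# Default: 1.18.0 (a released version number, without the leading "v")`.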
@@ -0,0 +1,46 @@
+FROM debian:bookworm-slim@sha256:b1a741487078b369e78119849663d7f1a5341ef2768798f7b7406c4240f86aef
+
+ARG GOOSE_VERSION=1.18.0
+ARG TARGETARCH
+
+# Install runtime dependencies
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ ca-certificates \
+ libssl3 \
+ libdbus-1-3 \
+ libxcb1 \
+ curl \
+ bzip2 \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
+# Download and install goose binary based on architecture
+RUN ARCH=${TARGETARCH:-amd64} && \
+ case "${ARCH}" in \
+ amd64) GOOSE_ARCH="x86_64" ;; \
+ arm64) GOOSE_ARCH="aarch64" ;; \
+ *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; \
+ esac && \
+ curl -fsSL "https://github.com/block/goose/releases/download/v${GOOSE_VERSION}/goose-${GOOSE_ARCH}-unknown-linux-gnu.tar.bz2" \
+ -o /tmp/goose.tar.bz2 && \
+ tar -xjf /tmp/goose.tar.bz2 -C /usr/local/bin && \
+ chmod +x /usr/local/bin/goose && \
+ rm /tmp/goose.tar.bz2
+
+# Create non-root user
+RUN useradd -m -u 1000 -s /bin/bash goose && \
+ mkdir -p /home/goose/.config/goose && \
+ chown -R goose:goose /home/goose
+
+# Set up environment
+ENV PATH="/usr/local/bin:${PATH}"
+ENV HOME="/home/goose"
+
+# Switch to non-root user
+USER goose
+WORKDIR /home/goose
+
+# Default to goose CLI
+ENTRYPOINT ["/usr/local/bin/goose"]
+CMD ["--help"]
diff --git a/builds/goose/README.md b/builds/goose/README.md
new file mode 100644
index 0000000..f68f4bb
--- /dev/null
+++ b/builds/goose/README.md
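Review bot: The download `RUN` step in builds/goose/Dockerfile extracts the release archive into `/usr/local/bin` without verifying it, so the base image is pinned by digest while the binary that actually runs is whatever the release URL returns at build time. I would pin a SHA-256 per architecture and check it with `sha256sum -c` before `tar`, as sketched below; the digest values are placeholders to be filled from the upstream release. `tar -xjf … -C /usr/local/bin` also unpacks every member of the archive as root, so extracting to a scratch directory and installing only `goose` would be tighter.

```dockerfile
ARG TARGETARCH
# Placeholders: fill in the published digest of each release archive for GOOSE_VERSION
ARG GOOSE_SHA256_AMD64=<sha256-of-x86_64-archive>
ARG GOOSE_SHA256_ARM64=<sha256-of-aarch64-archive>
# … unchanged: runtime dependency install, start of the download RUN …
        amd64) GOOSE_ARCH="x86_64";  GOOSE_SHA256="${GOOSE_SHA256_AMD64}" ;; \
        arm64) GOOSE_ARCH="aarch64"; GOOSE_SHA256="${GOOSE_SHA256_ARM64}" ;; \
# … unchanged: unsupported-architecture arm, curl download to /tmp/goose.tar.bz2 …
    echo "${GOOSE_SHA256}  /tmp/goose.tar.bz2" | sha256sum -c - && \
# … unchanged: tar extraction, chmod, cleanup …
```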
@@ -0,0 +1,195 @@ +# goose + +[中文文档](README.zh.md) + +goose is an AI-powered developer agent created by Block. It helps developers with coding tasks through natural language interaction, offering intelligent code generation, debugging assistance, and project navigation. + +## Features + +- **AI-Powered Development**: Leverage advanced language models for coding assistance +- **Multiple AI Providers**: Support for OpenAI, Anthropic, and Google AI +- **Interactive CLI**: Engage with goose through an intuitive command-line interface +- **Project Understanding**: Analyze and understand your codebase context +- **Code Generation**: Generate code snippets and implementations +- **Debugging Help**: Assist with troubleshooting and error resolution + +## Prerequisites + +- Docker and Docker Compose installed +- An API key from one of the supported AI providers: + - OpenAI API key (for GPT models) + - Anthropic API key (for Claude models) + - Google API key (for Gemini models) + +## Quick Start + +1. Copy the example environment file: + + ```bash + cp .env.example .env + ``` + +2. Edit `.env` and configure your API credentials: + + ```bash + # For OpenAI + OPENAI_API_KEY=your_openai_api_key_here + GOOSE_PROVIDER=openai + GOOSE_MODEL=gpt-4 + + # OR for Anthropic + ANTHROPIC_API_KEY=your_anthropic_api_key_here + GOOSE_PROVIDER=anthropic + GOOSE_MODEL=claude-3-sonnet + + # OR for Google + GOOGLE_API_KEY=your_google_api_key_here + GOOSE_PROVIDER=google + GOOSE_MODEL=gemini-pro + ``` + +3. Build the Docker image: + + ```bash + docker compose build + ``` + +4. 
Run goose: + + ```bash + docker compose run --rm goose + ``` + +## Usage Examples + +### Interactive Session + +Start an interactive session with goose: + +```bash +docker compose run --rm goose session start +``` + +### Execute a Task + +Run a specific task or query: + +```bash +docker compose run --rm goose run "explain the main function in app.py" +``` + +### Get Help + +View available commands: + +```bash +docker compose run --rm goose --help +``` + +## Configuration + +### Environment Variables + +| Variable | Description | Default | +| -------------------- | --------------------------------------- | -------- | +| `GOOSE_VERSION` | goose Docker image version | `1.18.0` | +| `TZ` | Container timezone | `UTC` | +| `GOOSE_PROVIDER` | AI provider (openai, anthropic, google) | `openai` | +| `GOOSE_MODEL` | AI model to use | `gpt-4` | +| `OPENAI_API_KEY` | OpenAI API key | - | +| `OPENAI_API_BASE` | Custom OpenAI API base URL | - | +| `ANTHROPIC_API_KEY` | Anthropic API key | - | +| `GOOGLE_API_KEY` | Google API key | - | +| `GOOSE_CPU_LIMIT` | CPU limit | `2.00` | +| `GOOSE_MEMORY_LIMIT` | Memory limit | `2G` | + +### Working with Your Project + +Mount your project directory to work with your code: + +```bash +docker compose run --rm -v $(pwd):/workspace goose +``` + +Or add it to the `docker-compose.yaml` volumes section: + +```yaml +volumes: + - ./your-project:/workspace + - goose_config:/home/goose/.config/goose +``` + +## Persistent Configuration + +Configuration and session data are stored in named volumes: + +- `goose_config`: User configuration and preferences +- `goose_workspace`: Workspace files and project data + +To reset configuration: + +```bash +docker compose down -v +``` + +## Resource Limits + +Default resource allocations: + +- **CPU Limit**: 2.00 cores +- **CPU Reservation**: 0.50 cores +- **Memory Limit**: 2G +- **Memory Reservation**: 512M + +Adjust these in `.env` based on your system capabilities. + +## Security Considerations + +1. 
**API Keys**: Never commit your `.env` file with API keys to version control +2. **Workspace Access**: goose has access to files in the mounted workspace directory +3. **Network**: The container runs without exposed ports by default +4. **User Privileges**: Runs as non-root user (UID 1000) for enhanced security + +## Supported AI Models + +### OpenAI + +- `gpt-4` (recommended) +- `gpt-4-turbo` +- `gpt-3.5-turbo` + +### Anthropic + +- `claude-3-opus` +- `claude-3-sonnet` (recommended) +- `claude-3-haiku` + +### Google + +- `gemini-pro` + +## Troubleshooting + +### API Authentication Errors + +Ensure your API key is correctly set in `.env` and matches your chosen provider. + +### Out of Memory + +If you encounter memory issues, increase `GOOSE_MEMORY_LIMIT` in `.env`. + +### Build Failures + +The initial build may take 15-30 minutes as it compiles goose from source. Ensure you have a stable internet connection. + +## References + +- [Official GitHub Repository](https://github.com/block/goose) +- [Documentation](https://block.github.io/goose/) +- [Contributing Guide](https://github.com/block/goose/blob/main/CONTRIBUTING.md) + +## License + +goose is released under the Apache-2.0 License. See the [official repository](https://github.com/block/goose) for details. + +This Docker Compose configuration is provided as-is for convenience and follows the project's license terms. diff --git a/builds/goose/README.zh.md b/builds/goose/README.zh.md new file mode 100644 index 0000000..cbfa535 --- /dev/null +++ b/builds/goose/README.zh.md 
@@ -0,0 +1,195 @@ +# goose + +[English Documentation](README.md) + +goose 是由 Block 公司开发的 AI 驱动的开发者助手。它通过自然语言交互帮助开发者完成编码任务,提供智能代码生成、调试协助和项目导航功能。 + +## 功能特性 + +- **AI 驱动开发**:利用先进的语言模型提供编程协助 +- **多 AI 提供商支持**:支持 OpenAI、Anthropic 和 Google AI +- **交互式 CLI**:通过直观的命令行界面与 goose 交互 +- **项目理解**:分析和理解您的代码库上下文 +- **代码生成**:生成代码片段和实现 +- **调试帮助**:协助故障排查和错误解决 + +## 前置要求 + +- 已安装 Docker 和 Docker Compose +- 来自受支持的 AI 提供商之一的 API 密钥: + - OpenAI API 密钥(用于 GPT 模型) + - Anthropic API 密钥(用于 Claude 模型) + - Google API 密钥(用于 Gemini 模型) + +## 快速开始 + +1. 复制示例环境文件: + + ```bash + cp .env.example .env + ``` + +2. 编辑 `.env` 并配置您的 API 凭据: + + ```bash + # 使用 OpenAI + OPENAI_API_KEY=your_openai_api_key_here + GOOSE_PROVIDER=openai + GOOSE_MODEL=gpt-4 + + # 或使用 Anthropic + ANTHROPIC_API_KEY=your_anthropic_api_key_here + GOOSE_PROVIDER=anthropic + GOOSE_MODEL=claude-3-sonnet + + # 或使用 Google + GOOGLE_API_KEY=your_google_api_key_here + GOOSE_PROVIDER=google + GOOSE_MODEL=gemini-pro + ``` + +3. 构建 Docker 镜像: + + ```bash + docker compose build + ``` + +4. 
运行 goose: + + ```bash + docker compose run --rm goose + ``` + +## 使用示例 + +### 交互式会话 + +启动与 goose 的交互式会话: + +```bash +docker compose run --rm goose session start +``` + +### 执行任务 + +运行特定任务或查询: + +```bash +docker compose run --rm goose run "解释 app.py 中的主函数" +``` + +### 获取帮助 + +查看可用命令: + +```bash +docker compose run --rm goose --help +``` + +## 配置说明 + +### 环境变量 + +| 变量 | 说明 | 默认值 | +| -------------------- | -------------------------------------- | -------- | +| `GOOSE_VERSION` | goose Docker 镜像版本 | `1.18.0` | +| `TZ` | 容器时区 | `UTC` | +| `GOOSE_PROVIDER` | AI 提供商(openai、anthropic、google) | `openai` | +| `GOOSE_MODEL` | 使用的 AI 模型 | `gpt-4` | +| `OPENAI_API_KEY` | OpenAI API 密钥 | - | +| `OPENAI_API_BASE` | 自定义 OpenAI API 基础 URL | - | +| `ANTHROPIC_API_KEY` | Anthropic API 密钥 | - | +| `GOOGLE_API_KEY` | Google API 密钥 | - | +| `GOOSE_CPU_LIMIT` | CPU 限制 | `2.00` | +| `GOOSE_MEMORY_LIMIT` | 内存限制 | `2G` | + +### 使用您的项目 + +挂载您的项目目录以使用您的代码: + +```bash +docker compose run --rm -v $(pwd):/workspace goose +``` + +或将其添加到 `docker-compose.yaml` 的 volumes 部分: + +```yaml +volumes: + - ./your-project:/workspace + - goose_config:/home/goose/.config/goose +``` + +## 持久化配置 + +配置和会话数据存储在命名卷中: + +- `goose_config`:用户配置和偏好设置 +- `goose_workspace`:工作区文件和项目数据 + +重置配置: + +```bash +docker compose down -v +``` + +## 资源限制 + +默认资源分配: + +- **CPU 限制**:2.00 核心 +- **CPU 预留**:0.50 核心 +- **内存限制**:2G +- **内存预留**:512M + +根据您的系统能力在 `.env` 中调整这些值。 + +## 安全注意事项 + +1. **API 密钥**:切勿将包含 API 密钥的 `.env` 文件提交到版本控制系统 +2. **工作区访问**:goose 可以访问挂载的工作区目录中的文件 +3. **网络**:默认情况下容器不暴露端口 +4. 
**用户权限**:以非 root 用户(UID 1000)运行以增强安全性 + +## 支持的 AI 模型 + +### OpenAI + +- `gpt-4`(推荐) +- `gpt-4-turbo` +- `gpt-3.5-turbo` + +### Anthropic + +- `claude-3-opus` +- `claude-3-sonnet`(推荐) +- `claude-3-haiku` + +### Google + +- `gemini-pro` + +## 故障排查 + +### API 认证错误 + +确保您的 API 密钥在 `.env` 中正确设置,并与您选择的提供商匹配。 + +### 内存不足 + +如果遇到内存问题,请在 `.env` 中增加 `GOOSE_MEMORY_LIMIT`。 + +### 构建失败 + +初始构建可能需要 15-30 分钟,因为它从源代码编译 goose。请确保您有稳定的互联网连接。 + +## 参考资料 + +- [官方 GitHub 仓库](https://github.com/block/goose) +- [文档](https://block.github.io/goose/) +- [贡献指南](https://github.com/block/goose/blob/main/CONTRIBUTING.md) + +## 许可证 + +goose 在 Apache-2.0 许可证下发布。详情请参阅[官方仓库](https://github.com/block/goose)。 + +此 Docker Compose 配置按原样提供以方便使用,并遵循项目的许可条款。 diff --git a/builds/goose/docker-compose.yaml b/builds/goose/docker-compose.yaml new file mode 100644 index 0000000..7fe124d --- /dev/null +++ b/builds/goose/docker-compose.yaml 
@@ -0,0 +1,54 @@
+# Docker Compose Configuration for goose
+# AI-powered developer agent by Block
+# https://github.com/block/goose
+
+x-defaults: &defaults
+ restart: unless-stopped
+ logging:
+ driver: json-file
+ options:
+ max-size: ${GOOSE_LOG_MAX_SIZE:-100m}
+ max-file: "${GOOSE_LOG_MAX_FILE:-3}"
+
+services:
+ goose:
+ <<: *defaults
+ build:
+ context: .
+ dockerfile: Dockerfile
+ platforms:
+ - linux/amd64
+ - linux/arm64
+ args:
+ - GOOSE_VERSION=${GOOSE_VERSION:-1.18.0}
+ image: ${GLOBAL_REGISTRY:-}alexsuntop/goose:${GOOSE_VERSION:-1.18.0}
+ environment:
+ - TZ=${TZ:-UTC}
+ # OpenAI Configuration
+ - OPENAI_API_KEY=${OPENAI_API_KEY:-}
+ - OPENAI_API_BASE=${OPENAI_API_BASE:-}
+ # Anthropic Configuration
+ - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
+ # Google Configuration
+ - GOOGLE_API_KEY=${GOOGLE_API_KEY:-}
+ # Additional environment variables
+ - GOOSE_PROVIDER=${GOOSE_PROVIDER:-openai}
+ - GOOSE_MODEL=${GOOSE_MODEL:-gpt-4}
+ volumes:
+ - goose_config:/home/goose/.config/goose
+ - goose_workspace:/workspace
+ working_dir: /workspace
+ stdin_open: true
+ tty: true
+ deploy:
+ resources:
+ limits:
+ cpus: ${GOOSE_CPU_LIMIT:-2.00}
+ memory: ${GOOSE_MEMORY_LIMIT:-2G}
+ reservations:
+ cpus: ${GOOSE_CPU_RESERVATION:-0.50}
+ memory: ${GOOSE_MEMORY_RESERVATION:-512M}
+
+volumes:
+ goose_config:
+ goose_workspace:
diff --git a/src/frpc/.env.example b/src/frpc/.env.example
index 316343e..3f38c67 100644
--- a/src/frpc/.env.example
+++ b/src/frpc/.env.example
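Review bot: `restart: unless-stopped` in `x-defaults` of builds/goose/docker-compose.yaml is applied to a one-shot CLI whose image default is `CMD ["--help"]`, so `docker compose up` would print the help text, exit, and be restarted over and over. `restart: "no"` fits a service that the README runs with `docker compose run --rm`. Separately, the `environment` list passes all three provider keys into the container whichever `GOOSE_PROVIDER` is selected, and values set this way are readable through `docker inspect`; a comment such as `# set only the key for the provider you selected` would help.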
@@ -1,7 +1,28 @@ -# FRP Client Version -FRPC_VERSION=0.64.0 +# Global registry prefix for pulling images (optional) +# GLOBAL_REGISTRY= -# FRP server configuration -FRP_SERVER_ADDR=your.server.com +# Timezone setting (default: UTC) +TZ=UTC + +# FRP Client Version +FRPC_VERSION=0.65.0 + +# FRP server connection settings +FRP_SERVER_ADDR=127.0.0.1 FRP_SERVER_PORT=7000 -FRP_SERVER_TOKEN=your_token_here +FRP_SERVER_TOKEN=server_token + +# Local application host (use host.docker.internal to access host machine) +FRP_APP_HOST=127.0.0.1 + +# Admin dashboard configuration +FRP_ADMIN_ADDR=0.0.0.0 +FRP_ADMIN_PORT=7400 +FRP_ADMIN_USER=admin +FRP_ADMIN_PASSWORD=password + +# Resource limits +FRPC_CPU_LIMIT=0.5 +FRPC_MEMORY_LIMIT=128M +FRPC_CPU_RESERVATION=0.1 +FRPC_MEMORY_RESERVATION=64M diff --git a/src/frpc/README.md b/src/frpc/README.md index 3de8c85..a9daecb 100644 --- a/src/frpc/README.md +++ b/src/frpc/README.md 
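Review bot: `FRP_SERVER_TOKEN=server_token` and `FRP_ADMIN_PASSWORD=password` in src/frpc/.env.example are working values rather than placeholders, so anyone who copies the file unchanged runs with credentials that are printed in this repository. The same values come back as the `:-server_token` and `:-password` fallbacks in src/frpc/docker-compose.yaml and as the new defaults in src/frps/.env.example. I would leave both secrets empty here, `FRP_SERVER_TOKEN=` and `FRP_ADMIN_PASSWORD=`, each under a comment like `# required: set a long random value`, and do the same in the frps example.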
@@ -1,12 +1,40 @@ -# FRPC (Intranet Penetration Client) +# FRPC (FRP Client) [English](./README.md) | [中文](./README.zh.md) -This is an FRPC (Intranet Penetration Client) service. +FRPC is a fast reverse proxy client that connects to an FRP server to expose local services to the internet. This is the client component of the FRP (Fast Reverse Proxy) tool. -## Example +## Quick Start -Taking SSH service penetration as an example, create a new `frpc.toml` configuration file with the following content: +1. Create a `.env` file from `.env.example`: + + ```bash + cp .env.example .env + ``` + +2. Edit the `.env` file and configure the FRP server connection: + + ```properties + FRP_SERVER_ADDR=your.frp.server.com + FRP_SERVER_PORT=7000 + FRP_SERVER_TOKEN=your_server_token + ``` + +3. Create a `frpc.toml` configuration file with your proxy rules (see example below). + +4. Start the service: + + ```bash + docker compose up -d + ``` + +## Configuration File + +The client requires a `frpc.toml` file to define proxy rules. Here are some common examples: + +### Example 1: SSH Service Proxy + +Expose a local SSH service to the internet: ```toml serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}" 
@@ -14,38 +42,165 @@ serverPort = {{ .Envs.FRP_SERVER_PORT }} auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}" [[proxies]] -name = "app_22" +name = "ssh" type = "tcp" -remotePort = 23922 -localIP = "192.168.10.100" +remotePort = 6000 +localIP = "{{ .Envs.FRP_APP_HOST }}" localPort = 22 ``` -Configure the remote FRPS service address in the `.env` file: +This configuration will: -```properties -FRP_SERVER_ADDR=frps.example.com -FRP_SERVER_PORT=9870 -FRP_SERVER_TOKEN=password +- Connect to the FRP server at `FRP_SERVER_ADDR:FRP_SERVER_PORT` +- Expose local SSH (port 22) through the server's port 6000 +- Access the service via `FRP_SERVER_ADDR:6000` + +### Example 2: Web Service Proxy + +Expose a local web application: + +```toml +serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}" +serverPort = {{ .Envs.FRP_SERVER_PORT }} +auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}" + +[[proxies]] +name = "web" +type = "http" +customDomains = ["your-domain.com"] +localIP = "{{ .Envs.FRP_APP_HOST }}" +localPort = 8080 ``` -Start the service to proxy `192.168.10.100:22` to `FRP_SERVER_ADDR:23922`. +### Example 3: Multiple Services -```bash -docker compose up -d +Proxy multiple services simultaneously: + +```toml +serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}" +serverPort = {{ .Envs.FRP_SERVER_PORT }} +auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}" + +[[proxies]] +name = "ssh" +type = "tcp" +remotePort = 6000 +localIP = "192.168.1.100" +localPort = 22 + +[[proxies]] +name = "web" +type = "tcp" +remotePort = 8080 +localIP = "192.168.1.101" +localPort = 80 ``` -## Services +### Example 4: Admin Dashboard -- `frpc`: The FRPC client service. +Enable the admin dashboard to monitor the client: -## Configuration +```toml +serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}" +serverPort = {{ .Envs.FRP_SERVER_PORT }} +auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}" -- `FRPC_VERSION`: The version of the FRPC image, default is `0.64.0`. -- `FRP_SERVER_ADDR`: The remote FRPS server address. 
-- `FRP_SERVER_PORT`: The remote FRPS server port. -- `FRP_SERVER_TOKEN`: The token for connecting to FRPS. +webServer.addr = "{{ .Envs.FRP_ADMIN_ADDR }}" +webServer.port = {{ .Envs.FRP_ADMIN_PORT }} +webServer.user = "{{ .Envs.FRP_ADMIN_USER }}" +webServer.password = "{{ .Envs.FRP_ADMIN_PASSWORD }}" + +[[proxies]] +name = "app" +type = "tcp" +remotePort = 9000 +localIP = "{{ .Envs.FRP_APP_HOST }}" +localPort = 3000 +``` + +Access the admin dashboard at `http://localhost:7400` (default). + +## Environment Variables + +### Image Configuration + +- `GLOBAL_REGISTRY`: Optional global registry prefix for pulling images +- `FRPC_VERSION`: FRPC image version (default: `0.65.0`) +- `TZ`: Timezone setting (default: `UTC`) + +### Server Connection + +- `FRP_SERVER_ADDR`: FRP server address (**required**, e.g., `frp.example.com` or `192.168.1.1`) +- `FRP_SERVER_PORT`: FRP server port (default: `7000`) +- `FRP_SERVER_TOKEN`: Authentication token for connecting to the server (**must match server token**) + +### Local Application + +- `FRP_APP_HOST`: Local application host address (default: `127.0.0.1`) + - Use `host.docker.internal` to access services running on the host machine + - Use specific IP addresses for services on your local network + +### Admin Dashboard (Optional) + +- `FRP_ADMIN_ADDR`: Admin dashboard bind address (default: `0.0.0.0`) +- `FRP_ADMIN_PORT`: Admin dashboard port (default: `7400`) +- `FRP_ADMIN_USER`: Admin dashboard username (default: `admin`) +- `FRP_ADMIN_PASSWORD`: Admin dashboard password (default: `password`) + +### Resource Limits + +- `FRPC_CPU_LIMIT`: CPU limit (default: `0.5`) +- `FRPC_MEMORY_LIMIT`: Memory limit (default: `128M`) +- `FRPC_CPU_RESERVATION`: CPU reservation (default: `0.1`) +- `FRPC_MEMORY_RESERVATION`: Memory reservation (default: `64M`) ## Volumes -- `frpc.toml`: The configuration file for FRPC. 
+- `./frpc.toml:/etc/frp/frpc.toml`: FRPC configuration file + +## Accessing Host Services + +To access services running on your host machine from within the container, use `host.docker.internal`: + +```properties +FRP_APP_HOST=host.docker.internal +``` + +Then in your `frpc.toml`: + +```toml +[[proxies]] +name = "local-service" +type = "tcp" +remotePort = 8080 +localIP = "{{ .Envs.FRP_APP_HOST }}" +localPort = 3000 +``` + +This will expose your host's port 3000 through the FRP server's port 8080. + +## Security Notes + +1. **Secure your token**: Keep your `FRP_SERVER_TOKEN` secret and use a strong, random value +2. **Limit exposure**: Only expose the services you actually need +3. **Use encryption**: Consider using HTTPS/TLS for sensitive services +4. **Monitor access**: Enable the admin dashboard to monitor active connections + +## Troubleshooting + +### Cannot connect to FRP server + +- Verify `FRP_SERVER_ADDR` and `FRP_SERVER_PORT` are correct +- Ensure the FRP server is running and accessible +- Check that `FRP_SERVER_TOKEN` matches the server configuration + +### Cannot access local service + +- Verify `FRP_APP_HOST` is correct +- For host services, ensure you're using `host.docker.internal` +- For network services, ensure the IP address and port are correct +- Check firewall rules on both client and server sides + +## License + +FRP is licensed under the Apache License 2.0. See the [FRP GitHub repository](https://github.com/fatedier/frp) for more details. diff --git a/src/frpc/README.zh.md b/src/frpc/README.zh.md index 379facd..37751a2 100644 --- a/src/frpc/README.zh.md +++ b/src/frpc/README.zh.md 
@@ -1,12 +1,40 @@ -# FRPC (内网穿透客户端) +# FRPC(FRP 客户端) [English](./README.md) | [中文](./README.zh.md) -这是一个 FRPC(内网穿透客户端)服务。 +FRPC 是一个快速反向代理客户端,连接到 FRP 服务器以将本地服务暴露到互联网。这是 FRP(Fast Reverse Proxy)工具的客户端组件。 -## 示例 +## 快速开始 -以 SSH 服务穿透为例,新建 `frpc.toml` 配置文件,内容如下: +1. 从 `.env.example` 创建 `.env` 文件: + + ```bash + cp .env.example .env + ``` + +2. 编辑 `.env` 文件并配置 FRP 服务器连接: + + ```properties + FRP_SERVER_ADDR=your.frp.server.com + FRP_SERVER_PORT=7000 + FRP_SERVER_TOKEN=your_server_token + ``` + +3. 创建包含代理规则的 `frpc.toml` 配置文件(参见下面的示例)。 + +4. 启动服务: + + ```bash + docker compose up -d + ``` + +## 配置文件 + +客户端需要一个 `frpc.toml` 文件来定义代理规则。以下是一些常见示例: + +### 示例 1:SSH 服务代理 + +将本地 SSH 服务暴露到互联网: ```toml serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}" 
@@ -14,38 +42,165 @@ serverPort = {{ .Envs.FRP_SERVER_PORT }} auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}" [[proxies]] -name = "app_22" +name = "ssh" type = "tcp" -remotePort = 23922 -localIP = "192.168.10.100" +remotePort = 6000 +localIP = "{{ .Envs.FRP_APP_HOST }}" localPort = 22 ``` -配置远程 FRPS 服务地址到 `.env` 文件中: +此配置将: -```properties -FRP_SERVER_ADDR=frps.example.com -FRP_SERVER_PORT=9870 -FRP_SERVER_TOKEN=password +- 连接到 `FRP_SERVER_ADDR:FRP_SERVER_PORT` 的 FRP 服务器 +- 通过服务器的 6000 端口暴露本地 SSH(22 端口) +- 通过 `FRP_SERVER_ADDR:6000` 访问服务 + +### 示例 2:Web 服务代理 + +暴露本地 Web 应用程序: + +```toml +serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}" +serverPort = {{ .Envs.FRP_SERVER_PORT }} +auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}" + +[[proxies]] +name = "web" +type = "http" +customDomains = ["your-domain.com"] +localIP = "{{ .Envs.FRP_APP_HOST }}" +localPort = 8080 ``` -启动服务,即可代理 `192.168.10.100:22` 到 `FRP_SERVER_ADDR:23922`。 +### 示例 3:多个服务 -```bash -docker compose up -d +同时代理多个服务: + +```toml +serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}" +serverPort = {{ .Envs.FRP_SERVER_PORT }} +auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}" + +[[proxies]] +name = "ssh" +type = "tcp" +remotePort = 6000 +localIP = "192.168.1.100" +localPort = 22 + +[[proxies]] +name = "web" +type = "tcp" +remotePort = 8080 +localIP = "192.168.1.101" +localPort = 80 ``` -## 服务 +### 示例 4:管理面板 -- `frpc`: FRPC 客户端服务。 +启用管理面板以监控客户端: -## 配置 +```toml +serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}" +serverPort = {{ .Envs.FRP_SERVER_PORT }} +auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}" -- `FRPC_VERSION`: FRPC 镜像的版本,默认为 `0.64.0`。 -- `FRP_SERVER_ADDR`: 远程 FRPS 服务器地址。 -- `FRP_SERVER_PORT`: 远程 FRPS 服务器端口。 -- `FRP_SERVER_TOKEN`: 用于连接 FRPS 的令牌。 +webServer.addr = "{{ .Envs.FRP_ADMIN_ADDR }}" +webServer.port = {{ .Envs.FRP_ADMIN_PORT }} +webServer.user = "{{ .Envs.FRP_ADMIN_USER }}" +webServer.password = "{{ .Envs.FRP_ADMIN_PASSWORD }}" + +[[proxies]] +name = "app" +type = "tcp" +remotePort = 9000 +localIP = "{{ .Envs.FRP_APP_HOST }}" +localPort 
= 3000 +``` + +在 `http://localhost:7400`(默认)访问管理面板。 + +## 环境变量 + +### 镜像配置 + +- `GLOBAL_REGISTRY`:可选的全局镜像仓库前缀 +- `FRPC_VERSION`:FRPC 镜像版本(默认:`0.65.0`) +- `TZ`:时区设置(默认:`UTC`) + +### 服务器连接 + +- `FRP_SERVER_ADDR`:FRP 服务器地址(**必需**,例如 `frp.example.com` 或 `192.168.1.1`) +- `FRP_SERVER_PORT`:FRP 服务器端口(默认:`7000`) +- `FRP_SERVER_TOKEN`:连接到服务器的认证令牌(**必须与服务器令牌匹配**) + +### 本地应用 + +- `FRP_APP_HOST`:本地应用主机地址(默认:`127.0.0.1`) + - 使用 `host.docker.internal` 访问运行在主机上的服务 + - 使用特定 IP 地址访问本地网络上的服务 + +### 管理面板(可选) + +- `FRP_ADMIN_ADDR`:管理面板绑定地址(默认:`0.0.0.0`) +- `FRP_ADMIN_PORT`:管理面板端口(默认:`7400`) +- `FRP_ADMIN_USER`:管理面板用户名(默认:`admin`) +- `FRP_ADMIN_PASSWORD`:管理面板密码(默认:`password`) + +### 资源限制 + +- `FRPC_CPU_LIMIT`:CPU 限制(默认:`0.5`) +- `FRPC_MEMORY_LIMIT`:内存限制(默认:`128M`) +- `FRPC_CPU_RESERVATION`:CPU 预留(默认:`0.1`) +- `FRPC_MEMORY_RESERVATION`:内存预留(默认:`64M`) ## 卷 -- `frpc.toml`: FRPC 的配置文件。 +- `./frpc.toml:/etc/frp/frpc.toml`:FRPC 配置文件 + +## 访问主机服务 + +要从容器内访问运行在主机上的服务,请使用 `host.docker.internal`: + +```properties +FRP_APP_HOST=host.docker.internal +``` + +然后在 `frpc.toml` 中: + +```toml +[[proxies]] +name = "local-service" +type = "tcp" +remotePort = 8080 +localIP = "{{ .Envs.FRP_APP_HOST }}" +localPort = 3000 +``` + +这将通过 FRP 服务器的 8080 端口暴露主机的 3000 端口。 + +## 安全注意事项 + +1. **保护令牌安全**:保持 `FRP_SERVER_TOKEN` 机密并使用强随机值 +2. **限制暴露**:只暴露实际需要的服务 +3. **使用加密**:对于敏感服务考虑使用 HTTPS/TLS +4. **监控访问**:启用管理面板以监控活动连接 + +## 故障排除 + +### 无法连接到 FRP 服务器 + +- 验证 `FRP_SERVER_ADDR` 和 `FRP_SERVER_PORT` 是否正确 +- 确保 FRP 服务器正在运行且可访问 +- 检查 `FRP_SERVER_TOKEN` 是否与服务器配置匹配 + +### 无法访问本地服务 + +- 验证 `FRP_APP_HOST` 是否正确 +- 对于主机服务,确保使用 `host.docker.internal` +- 对于网络服务,确保 IP 地址和端口正确 +- 检查客户端和服务器端的防火墙规则 + +## 许可证 + +FRP 采用 Apache License 2.0 许可证。详情请参阅 [FRP GitHub 仓库](https://github.com/fatedier/frp)。 diff --git a/src/frpc/docker-compose.yaml b/src/frpc/docker-compose.yaml index 2798d10..ebba719 100644 --- a/src/frpc/docker-compose.yaml +++ b/src/frpc/docker-compose.yaml 
@@ -9,14 +9,23 @@ x-defaults: &defaults services: frpc: <<: *defaults - image: ${GLOBAL_REGISTRY:-}snowdreamtech/frpc:${FRPC_VERSION:-0.64.0} + image: ${GLOBAL_REGISTRY:-}snowdreamtech/frpc:${FRPC_VERSION:-0.65.0} + ports: + - "${FRP_ADMIN_PORT:-7400}:${FRP_ADMIN_PORT:-7400}" volumes: - - ./frpc.toml:/etc/frp/frpc.toml:ro + - ./frpc.toml:/etc/frp/frpc.toml environment: TZ: ${TZ:-UTC} - FRP_SERVER_ADDR: ${FRP_SERVER_ADDR} - FRP_SERVER_PORT: ${FRP_SERVER_PORT} - FRP_SERVER_TOKEN: ${FRP_SERVER_TOKEN} + FRP_SERVER_ADDR: ${FRP_SERVER_ADDR:-127.0.0.1} + FRP_SERVER_PORT: ${FRP_SERVER_PORT:-7000} + FRP_SERVER_TOKEN: ${FRP_SERVER_TOKEN:-server_token} + FRP_APP_HOST: ${FRP_APP_HOST:-127.0.0.1} + FRP_ADMIN_ADDR: ${FRP_ADMIN_ADDR:-0.0.0.0} + FRP_ADMIN_PORT: ${FRP_ADMIN_PORT:-7400} + FRP_ADMIN_USER: ${FRP_ADMIN_USER:-admin} + FRP_ADMIN_PASSWORD: ${FRP_ADMIN_PASSWORD:-password} + extra_hosts: + - "host.docker.internal:host-gateway" deploy: resources: limits: diff --git a/src/frpc/frpc.toml b/src/frpc/frpc.toml index dc09b39..d0736f0 100644 --- a/src/frpc/frpc.toml +++ b/src/frpc/frpc.toml @@ -1,10 +1,21 @@ -[common] -server_addr = {{ .Envs.FRP_SERVER_ADDR }} -server_port = {{ .Envs.FRP_SERVER_PORT }} -token = {{ .Envs.FRP_SERVER_TOKEN }} +serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}" +serverPort = {{ .Envs.FRP_SERVER_PORT }} -[app] +[auth] +token = "{{ .Envs.FRP_SERVER_TOKEN }}" + +[transport] +protocol = "kcp" + +[webServer] +addr = "{{ .Envs.FRP_ADMIN_ADDR }}" +port = {{ .Envs.FRP_ADMIN_PORT }} +user = "{{ .Envs.FRP_ADMIN_USER }}" +password = "{{ .Envs.FRP_ADMIN_PASSWORD }}" + +[[proxies]] +name = "ssh" type = "tcp" -remote_port = 22 -local_ip = {{ .Envs.APP_HOST }} -local_port = 22 +localPort = 22 +remotePort = 22 +localIp = "{{ .Envs.FRP_APP_HOST }}" diff --git a/src/frps/.env.example b/src/frps/.env.example index 54883b5..857cc26 100644 --- a/src/frps/.env.example +++ b/src/frps/.env.example 
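Review bot: The new `ports` entry in src/frpc/docker-compose.yaml publishes the frpc admin port on every host interface, and the `environment` block falls back to `admin` / `password` when `.env` does not set them, so a default deployment offers the admin interface to the local network with known credentials. I would bind it to loopback, `- "127.0.0.1:${FRP_ADMIN_PORT:-7400}:${FRP_ADMIN_PORT:-7400}"`, and make the secrets mandatory with `${FRP_ADMIN_PASSWORD:?set FRP_ADMIN_PASSWORD in .env}` (likewise for `FRP_SERVER_TOKEN`). The hunk also drops `:ro` from the `frpc.toml` mount; if that is meant to let the admin interface save configuration, a comment should say so, otherwise the read-only mount should stay. The service definition starts above this hunk and continues below it.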
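Review bot: The shipped `[[proxies]]` entry in src/frpc/frpc.toml forwards local port 22 to `remotePort = 22`, so starting the stack with this template publishes SSH on the server without the user choosing to, and port 22 on the server is usually held by its own sshd. The README examples use `remotePort = 6000`; I would use that here or ship the proxy commented out. `protocol = "kcp"` under `[transport]` is hard-coded as well; as far as I know the server has to enable a KCP bind port for the client to connect, and the frps side is not visible in this part of the patch, so either document the requirement or leave the default transport. The key is spelled `localIp` here and `localIP` in the README examples; one spelling should be used throughout.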
@@ -1,15 +1,31 @@ +# Global registry prefix for pulling images (optional) +# GLOBAL_REGISTRY= + +# Timezone setting (default: UTC) +TZ=UTC + # FRP Server Version -FRPS_VERSION=0.64.0 +FRPS_VERSION=0.65.0 -# FRP server configuration -FRP_SERVER_TOKEN=your_token_here -FRP_SERVER_PORT=9870 -FRP_ADMIN_PORT=7890 +# Authentication settings +FRP_AUTH_METHOD=token +FRP_SERVER_TOKEN=server_token -# Admin credentials +# Server port configuration +FRP_SERVER_PORT=7000 + +# Admin dashboard configuration +FRP_ADMIN_ADDR=0.0.0.0 +FRP_ADMIN_PORT=7500 FRP_ADMIN_USER=admin -FRP_ADMIN_PASS=password +FRP_ADMIN_PASSWORD=password -# Port overrides -FRP_PORT_OVERRIDE_SERVER=9870 -FRP_PORT_OVERRIDE_ADMIN=7890 +# Port overrides (host ports to map to container ports) +FRP_PORT_OVERRIDE_SERVER=7000 +FRP_PORT_OVERRIDE_ADMIN=7500 + +# Resource limits +FRPS_CPU_LIMIT=0.5 +FRPS_MEMORY_LIMIT=128M +FRPS_CPU_RESERVATION=0.1 +FRPS_MEMORY_RESERVATION=64M diff --git a/src/frps/README.md b/src/frps/README.md index c5c25d9..6adfa90 100644 --- a/src/frps/README.md +++ b/src/frps/README.md 
@@ -1,34 +1,63 @@ -# FRPS (Intranet Penetration Server) +# FRPS (FRP Server) [English](./README.md) | [中文](./README.zh.md) -This is an FRPS (Intranet Penetration Server) service. +FRPS is a fast reverse proxy server that helps expose local servers behind NAT and firewalls to the internet. This is the server component of the FRP (Fast Reverse Proxy) tool. -## Example +## Quick Start -Create a new `frps.toml` configuration file with the following content: +1. Create a `.env` file from `.env.example`: + + ```bash + cp .env.example .env + ``` + +2. Edit the `.env` file and configure authentication credentials: + + ```properties + FRP_SERVER_TOKEN=your_secure_token_here + FRP_ADMIN_USER=your_admin_username + FRP_ADMIN_PASSWORD=your_secure_password + ``` + +3. Create a `frps.toml` configuration file or use the provided template. + +4. Start the service: + + ```bash + docker compose up -d + ``` + +The server will be accessible on: + +- FRP server port: `7000` (default) +- Admin dashboard: `http://localhost:7500` (default) + +## Configuration File + +Example `frps.toml`: ```toml bindPort = {{ .Envs.FRP_SERVER_PORT }} + +auth.method = "{{ .Envs.FRP_AUTH_METHOD }}" auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}" -webServer.addr = "0.0.0.0" +webServer.addr = "{{ .Envs.FRP_ADMIN_ADDR }}" webServer.port = {{ .Envs.FRP_ADMIN_PORT }} webServer.user = "{{ .Envs.FRP_ADMIN_USER }}" -webServer.password = "{{ .Envs.FRP_ADMIN_PASS }}" +webServer.password = "{{ .Envs.FRP_ADMIN_PASSWORD }}" ``` -Configure secrets and other information in the `.env` file: +## Network Modes -```properties -FRP_SERVER_TOKEN=token -FRP_ADMIN_USER=admin -FRP_ADMIN_PASS=password -``` +### Standard Mode (Default) -Start the service to proxy client requests. Note that you need to map the client's port. You can share the service through HOST network or shared network. +Uses port mapping as configured in `docker-compose.yaml`. 
-To enable HOST mode, use the following method: +### Host Network Mode + +For better performance and access to all ports, use host network mode: ```yaml services: 
@@ -37,21 +66,61 @@ services: network_mode: host ``` -## Services +**Note**: When using host network mode, the `ports` section is ignored and the service directly uses host ports. -- `frps`: The FRPS server service. +## Environment Variables -## Configuration +### Image Configuration -- `FRPS_VERSION`: The version of the FRPS image, default is `0.64.0`. -- `FRP_SERVER_PORT`: The port for the FRPS server, default is `9870`. -- `FRP_ADMIN_PORT`: The port for the FRPS admin dashboard, default is `7890`. -- `FRP_PORT_OVERRIDE_SERVER`: The host port to map to the FRPS server port. -- `FRP_PORT_OVERRIDE_ADMIN`: The host port to map to the FRPS admin port. -- `FRP_SERVER_TOKEN`: The token for authenticating clients. -- `FRP_ADMIN_USER`: The username for the admin dashboard, default is `admin`. -- `FRP_ADMIN_PASS`: The password for the admin dashboard, default is `password`. +- `GLOBAL_REGISTRY`: Optional global registry prefix for pulling images +- `FRPS_VERSION`: FRPS image version (default: `0.65.0`) +- `TZ`: Timezone setting (default: `UTC`) + +### Server Configuration + +- `FRP_AUTH_METHOD`: Authentication method (default: `token`) +- `FRP_SERVER_TOKEN`: Token for client authentication (**change this for security**) +- `FRP_SERVER_PORT`: FRP server port (default: `7000`) + +### Admin Dashboard + +- `FRP_ADMIN_ADDR`: Admin dashboard bind address (default: `0.0.0.0`) +- `FRP_ADMIN_PORT`: Admin dashboard port (default: `7500`) +- `FRP_ADMIN_USER`: Admin dashboard username (default: `admin`) +- `FRP_ADMIN_PASSWORD`: Admin dashboard password (**change this for security**) + +### Port Overrides + +- `FRP_PORT_OVERRIDE_SERVER`: Host port to map to FRP server port (default: `7000`) +- `FRP_PORT_OVERRIDE_ADMIN`: Host port to map to admin dashboard (default: `7500`) + +### Resource Limits + +- `FRPS_CPU_LIMIT`: CPU limit (default: `0.5`) +- `FRPS_MEMORY_LIMIT`: Memory limit (default: `128M`) +- `FRPS_CPU_RESERVATION`: CPU reservation (default: `0.1`) +- 
`FRPS_MEMORY_RESERVATION`: Memory reservation (default: `64M`) ## Volumes -- `frps.toml`: The configuration file for FRPS. +- `./frps.toml:/etc/frp/frps.toml`: FRPS configuration file + +## Security Notes + +1. **Change default credentials**: Always change `FRP_SERVER_TOKEN`, `FRP_ADMIN_USER`, and `FRP_ADMIN_PASSWORD` from their default values +2. **Use strong passwords**: Use complex, randomly generated passwords and tokens +3. **Firewall rules**: Consider limiting access to the admin dashboard to trusted IP addresses +4. **TLS/SSL**: For production use, consider setting up TLS encryption in the FRP configuration + +## Health Check + +The service includes a health check that verifies the admin dashboard is accessible. The health check: + +- Runs every 30 seconds +- Has a 10-second timeout +- Retries up to 3 times +- Waits 10 seconds before the first check after startup + +## License + +FRP is licensed under the Apache License 2.0. See the [FRP GitHub repository](https://github.com/fatedier/frp) for more details. diff --git a/src/frps/README.zh.md b/src/frps/README.zh.md index 5bf0b4e..31311b9 100644 --- a/src/frps/README.zh.md +++ b/src/frps/README.zh.md 
@@ -1,34 +1,63 @@ -# FRPS (内网穿透服务端) +# FRPS(FRP 服务端) [English](./README.md) | [中文](./README.zh.md) -这是一个 FRPS(内网穿透服务端)服务。 +FRPS 是一个快速反向代理服务器,可以帮助将 NAT 和防火墙后面的本地服务器暴露到互联网。这是 FRP(Fast Reverse Proxy)工具的服务端组件。 -## 示例 +## 快速开始 -新建 `frps.toml` 配置文件,内容如下: +1. 从 `.env.example` 创建 `.env` 文件: + + ```bash + cp .env.example .env + ``` + +2. 编辑 `.env` 文件并配置认证凭据: + + ```properties + FRP_SERVER_TOKEN=your_secure_token_here + FRP_ADMIN_USER=your_admin_username + FRP_ADMIN_PASSWORD=your_secure_password + ``` + +3. 创建 `frps.toml` 配置文件或使用提供的模板。 + +4. 启动服务: + + ```bash + docker compose up -d + ``` + +服务将在以下位置可访问: + +- FRP 服务端口:`7000`(默认) +- 管理面板:`http://localhost:7500`(默认) + +## 配置文件 + +示例 `frps.toml`: ```toml bindPort = {{ .Envs.FRP_SERVER_PORT }} + +auth.method = "{{ .Envs.FRP_AUTH_METHOD }}" auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}" -webServer.addr = "0.0.0.0" +webServer.addr = "{{ .Envs.FRP_ADMIN_ADDR }}" webServer.port = {{ .Envs.FRP_ADMIN_PORT }} webServer.user = "{{ .Envs.FRP_ADMIN_USER }}" -webServer.password = "{{ .Envs.FRP_ADMIN_PASS }}" +webServer.password = "{{ .Envs.FRP_ADMIN_PASSWORD }}" ``` -配置密钥等信息到 `.env` 文件中: +## 网络模式 -```properties -FRP_SERVER_TOKEN=token -FRP_ADMIN_USER=admin -FRP_ADMIN_PASS=password -``` +### 标准模式(默认) -启动服务,即可代理客户端请求,注意需要将客户端的端口映射出来。可以通过 HOST 网络或共享网络的方式共享服务。 +使用 `docker-compose.yaml` 中配置的端口映射。 -使用如下方法启用 HOST 模式: +### Host 网络模式 + +为了获得更好的性能和访问所有端口,可以使用 host 网络模式: ```yaml services: 
@@ -37,21 +66,61 @@ services: network_mode: host ``` -## 服务 +**注意**:使用 host 网络模式时,`ports` 部分将被忽略,服务直接使用主机端口。 -- `frps`: FRPS 服务端服务。 +## 环境变量 -## 配置 +### 镜像配置 -- `FRPS_VERSION`: FRPS 镜像的版本,默认为 `0.64.0`。 -- `FRP_SERVER_PORT`: FRPS 服务端口,默认为 `9870`。 -- `FRP_ADMIN_PORT`: FRPS 管理面板端口,默认为 `7890`。 -- `FRP_PORT_OVERRIDE_SERVER`: 映射到 FRPS 服务端口的主机端口。 -- `FRP_PORT_OVERRIDE_ADMIN`: 映射到 FRPS 管理面板端口的主机端口。 -- `FRP_SERVER_TOKEN`: 用于认证客户端的令牌。 -- `FRP_ADMIN_USER`: 管理面板的用户名,默认为 `admin`。 -- `FRP_ADMIN_PASS`: 管理面板的密码,默认为 `password`。 +- `GLOBAL_REGISTRY`:可选的全局镜像仓库前缀 +- `FRPS_VERSION`:FRPS 镜像版本(默认:`0.65.0`) +- `TZ`:时区设置(默认:`UTC`) + +### 服务器配置 + +- `FRP_AUTH_METHOD`:认证方法(默认:`token`) +- `FRP_SERVER_TOKEN`:客户端认证令牌(**请修改以确保安全**) +- `FRP_SERVER_PORT`:FRP 服务端口(默认:`7000`) + +### 管理面板 + +- `FRP_ADMIN_ADDR`:管理面板绑定地址(默认:`0.0.0.0`) +- `FRP_ADMIN_PORT`:管理面板端口(默认:`7500`) +- `FRP_ADMIN_USER`:管理面板用户名(默认:`admin`) +- `FRP_ADMIN_PASSWORD`:管理面板密码(**请修改以确保安全**) + +### 端口覆盖 + +- `FRP_PORT_OVERRIDE_SERVER`:映射到 FRP 服务端口的主机端口(默认:`7000`) +- `FRP_PORT_OVERRIDE_ADMIN`:映射到管理面板的主机端口(默认:`7500`) + +### 资源限制 + +- `FRPS_CPU_LIMIT`:CPU 限制(默认:`0.5`) +- `FRPS_MEMORY_LIMIT`:内存限制(默认:`128M`) +- `FRPS_CPU_RESERVATION`:CPU 预留(默认:`0.1`) +- `FRPS_MEMORY_RESERVATION`:内存预留(默认:`64M`) ## 卷 -- `frps.toml`: FRPS 的配置文件。 +- `./frps.toml:/etc/frp/frps.toml`:FRPS 配置文件 + +## 安全注意事项 + +1. **修改默认凭据**:务必修改 `FRP_SERVER_TOKEN`、`FRP_ADMIN_USER` 和 `FRP_ADMIN_PASSWORD` 的默认值 +2. **使用强密码**:使用复杂的随机生成的密码和令牌 +3. **防火墙规则**:考虑将管理面板的访问限制在受信任的 IP 地址 +4. **TLS/SSL**:在生产环境中,考虑在 FRP 配置中设置 TLS 加密 + +## 健康检查 + +服务包含一个健康检查,用于验证管理面板是否可访问。健康检查: + +- 每 30 秒运行一次 +- 超时时间为 10 秒 +- 最多重试 3 次 +- 启动后等待 10 秒再进行第一次检查 + +## 许可证 + +FRP 采用 Apache License 2.0 许可证。详情请参阅 [FRP GitHub 仓库](https://github.com/fatedier/frp)。 diff --git a/src/frps/docker-compose.yaml b/src/frps/docker-compose.yaml index 930f6f6..ed44278 100644 --- a/src/frps/docker-compose.yaml +++ b/src/frps/docker-compose.yaml 
@@ -9,19 +9,24 @@ x-defaults: &defaults services: frps: <<: *defaults - image: ${GLOBAL_REGISTRY:-}snowdreamtech/frps:${FRPS_VERSION:-0.64.0} + image: ${GLOBAL_REGISTRY:-}snowdreamtech/frps:${FRPS_VERSION:-0.65.0} volumes: - - ./frps.toml:/etc/frp/frps.toml:ro + - ./frps.toml:/etc/frp/frps.toml ports: - - ${FRP_PORT_OVERRIDE_SERVER:-9870}:${FRP_SERVER_PORT:-9870} - - ${FRP_PORT_OVERRIDE_ADMIN:-7890}:${FRP_ADMIN_PORT:-7890} + - ${FRP_PORT_OVERRIDE_SERVER:-7000}:${FRP_SERVER_PORT:-7000}/tcp + - ${FRP_PORT_OVERRIDE_SERVER:-7000}:${FRP_SERVER_PORT:-7000}/udp + - ${FRP_PORT_OVERRIDE_ADMIN:-7500}:${FRP_ADMIN_PORT:-7500} environment: TZ: ${TZ:-UTC} - FRP_SERVER_TOKEN: ${FRP_SERVER_TOKEN} - FRP_SERVER_PORT: ${FRP_SERVER_PORT:-9870} - FRP_ADMIN_PORT: ${FRP_ADMIN_PORT:-7890} + FRP_AUTH_METHOD: ${FRP_AUTH_METHOD:-token} + FRP_SERVER_TOKEN: ${FRP_SERVER_TOKEN:-server_token} + FRP_SERVER_PORT: ${FRP_SERVER_PORT:-7000} + FRP_ADMIN_ADDR: ${FRP_ADMIN_ADDR:-0.0.0.0} + FRP_ADMIN_PORT: ${FRP_ADMIN_PORT:-7500} FRP_ADMIN_USER: ${FRP_ADMIN_USER:-admin} - FRP_ADMIN_PASS: ${FRP_ADMIN_PASS:-password} + FRP_ADMIN_PASSWORD: ${FRP_ADMIN_PASSWORD:-password} + extra_hosts: + - "host.docker.internal:host-gateway" deploy: resources: limits: @@ -31,7 +36,7 @@ services: cpus: ${FRPS_CPU_RESERVATION:-0.1} memory: ${FRPS_MEMORY_RESERVATION:-64M} healthcheck: - test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:${FRP_ADMIN_PORT:-7890}/"] + test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:${FRP_ADMIN_PORT:-7500}/"] interval: 30s timeout: 10s retries: 3 diff --git a/src/frps/frps.toml b/src/frps/frps.toml index 0b5e839..7d6b911 100644 --- a/src/frps/frps.toml +++ b/src/frps/frps.toml 
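Review bot: The volume line in the first hunk drops the `:ro` flag, so the container can now modify the mounted `frps.toml` in the host checkout; the `src/frpc/docker-compose.yaml` hunk makes the same change for `frpc.toml`. Nothing visible in the diff needs write access to the file, so I would keep `- ./frps.toml:/etc/frp/frps.toml:ro`, or add a comment stating why a writable mount is required. The dashboard mapping `${FRP_PORT_OVERRIDE_ADMIN:-7500}:${FRP_ADMIN_PORT:-7500}` also binds on all host interfaces; prefixing it with `127.0.0.1:` would match the README's advice to restrict dashboard access. The `services.frps` block starts before the first hunk and continues between the two hunks.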
@@ -1,8 +1,15 @@ -[common] -bind_port = {{ .Envs.FRP_SERVER_PORT }} -token = {{ .Envs.FRP_SERVER_TOKEN }} +bindPort = {{ .Envs.FRP_SERVER_PORT }} +kcpBindPort = {{ .Envs.FRP_SERVER_PORT }} -dashboard_addr = 0.0.0.0 -dashboard_port = {{ .Envs.FRP_ADMIN_PORT }} -dashboard_user = {{ .Envs.FRP_ADMIN_USER }} -dashboard_pwd = {{ .Envs.FRP_ADMIN_PASS }} +[auth] +method = "{{ .Envs.FRP_AUTH_METHOD }}" +token = "{{ .Envs.FRP_SERVER_TOKEN }}" + +[transport] +maxPoolCount = 20 + +[webServer] +addr = "{{ .Envs.FRP_ADMIN_ADDR }}" +port = {{ .Envs.FRP_ADMIN_PORT }} +user = "{{ .Envs.FRP_ADMIN_USER }}" +password = "{{ .Envs.FRP_ADMIN_PASSWORD }}"
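Review bot: The server template enables token authentication, but nothing under `[transport]` requires encrypted client connections, although the README added by this commit recommends TLS for production. For an internet-facing server, consider adding `tls.force = true` under `[transport]` (frp's `transport.tls.force`; confirm against the reference config for the pinned version), or at least the comment `# TLS is not enforced; set transport.tls.force = true for production`. The values are now interpolated inside double quotes, so a token or password containing `"` or `\` would render invalid TOML. A line in `.env.example` naming the characters to avoid would prevent a confusing startup failure.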